INFO: task syz.4.98:4175 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.98 D14648 4175 1569 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494 i_mmap_lock_read include/linux/fs.h:543 [inline] hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7fa68bb1f629 Code: Bad RIP value. RSP: 002b:00007fff6a8816f0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffffff7fffff RDX: 781489698450e29c RSI: 0000000020800000 RDI: 00005555575503c8 RBP: 00007fa68be05a80 R08: 00007fa68bace000 R09: 0000000000000008 R10: 0000000000000000 R11: 0000000000000003 R12: 000000000000d07f R13: 00007fff6a8817f0 R14: 0000000000000032 R15: fffffffffffffffe INFO: task syz.4.98:4176 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.98 D14384 4176 1569 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001937e70 EFLAGS: 00050202 RAX: 0000000020028880 RBX: 000000000000f1f8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001937e88 RDI: 0000000020028878 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888225790880 R10: 0000000000000001 R11: ffff888225790000 R12: 0000000020028878 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001937e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa68bc4bff9 Code: Bad RIP value. RSP: 002b:00007fa68b6cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007fa68be03f80 RCX: 00007fa68bc4bff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007fa68bcbe296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa68be03f80 R15: 00007fff6a881588 INFO: task syz.4.98:4185 blocked for more than 143 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.4.98 D15032 4185 4175 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa68bc4bff9 Code: Bad RIP value. RSP: 002b:00007fa68b6abfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007fa68be04058 RCX: 00007fa68bc4bff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fa68bcbe296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa68be04058 R15: 00007fff6a881588 INFO: task syz.0.99:4188 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.0.99 D14656 4188 2095 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_ref_private mm/hugetlb.c:4085 [inline] hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 hugetlb_fault+0x6f6/0xaa0 mm/hugetlb.c:4632 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7f87b3e50629 Code: Bad RIP value. RSP: 002b:00007fff4105e440 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffffff7fffff RDX: 0a5e629b5b89cc61 RSI: 0000000020800000 RDI: 0000555555d513c8 RBP: 00007f87b4136a80 R08: 00007f87b3dff000 R09: 0000000000000008 R10: 0000000000000000 R11: 0000000000000003 R12: 000000000000d0b8 R13: 00007fff4105e540 R14: 0000000000000032 R15: fffffffffffffffe INFO: task syz.0.99:4189 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.0.99 D14584 4189 2095 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_read_slowpath+0x318/0x560 kernel/locking/rwsem.c:1099 __down_read kernel/locking/rwsem.c:1341 [inline] down_read+0xa4/0xd0 kernel/locking/rwsem.c:1494 i_mmap_lock_read include/linux/fs.h:543 [inline] hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0000:ffffc9000191fe70 EFLAGS: 00050202 RAX: 000000002001ee78 RBX: 00000000000057f0 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc9000191fe88 RDI: 000000002001ee70 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888222c98880 R10: 0000000000000001 R11: ffff888222c98000 R12: 000000002001ee70 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc9000191fe8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f87b3f7cff9 Code: Bad RIP value. RSP: 002b:00007f87b39fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f87b4134f80 RCX: 00007f87b3f7cff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007f87b3fef296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f87b4134f80 R15: 00007fff4105e2d8 INFO: task syz.0.99:4191 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.0.99 D15032 4191 4188 0x80000000 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 rwsem_down_write_slowpath+0x38b/0x570 kernel/locking/rwsem.c:1235 i_mmap_lock_write include/linux/fs.h:528 [inline] unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 unmap_vmas+0x37/0x50 mm/memory.c:1342 exit_mmap+0xa4/0x180 mm/mmap.c:3150 __mmput kernel/fork.c:1094 [inline] mmput+0x2e/0xe0 kernel/fork.c:1115 exit_mm kernel/exit.c:483 [inline] do_exit+0x32c/0xb60 kernel/exit.c:793 __do_sys_exit kernel/exit.c:873 [inline] __se_sys_exit kernel/exit.c:871 [inline] __x64_sys_exit+0x12/0x20 kernel/exit.c:871 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f87b3f7cff9 Code: Bad RIP value. RSP: 002b:00007f87b39dcfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c RAX: ffffffffffffffda RBX: 00007f87b4135058 RCX: 00007f87b3f7cff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f87b3fef296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f87b4135058 R15: 00007fff4105e2d8 INFO: task syz.1.101:4197 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.1.101 D13368 4197 2094 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc90001997e70 EFLAGS: 00050202 RAX: 000000002001fe70 RBX: 00000000000067e8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc90001997e88 RDI: 000000002001fe68 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888225788880 R10: 0000000000000001 R11: ffff888225788000 R12: 000000002001fe68 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc90001997e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f733705bff9 Code: Bad RIP value. RSP: 002b:00007f7336add038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007f7337213f80 RCX: 00007f733705bff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007f73370ce296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7337213f80 R15: 00007fffeb23e148 INFO: task syz.1.101:4202 blocked for more than 144 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.1.101 D14160 4202 2094 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 vfs_fallocate+0x13d/0x270 fs/open.c:309 ksys_fallocate+0x37/0x70 fs/open.c:332 __do_sys_fallocate fs/open.c:340 [inline] __se_sys_fallocate fs/open.c:338 [inline] __x64_sys_fallocate+0x15/0x20 fs/open.c:338 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f733705bff9 Code: Bad RIP value. RSP: 002b:00007f7336abc038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f7337214058 RCX: 00007f733705bff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00007f73370ce296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7337214058 R15: 00007fffeb23e148 INFO: task syz.3.105:4229 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.3.105 D14584 4229 2102 0x00004004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 handle_mm_fault+0x60a/0xe60 mm/memory.c:4382 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:91 Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a RSP: 0018:ffffc900019b7e70 EFLAGS: 00050202 RAX: 000000002001f440 RBX: 0000000000005db8 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffc900019b7e88 RDI: 000000002001f438 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8882257eb800 R10: 0000000000000001 R11: ffff8882257eaf80 R12: 000000002001f438 R13: 0000000000018ff8 R14: 0000000020019680 R15: ffffc900019b7e8c copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline] _copy_to_user+0x22/0x30 lib/usercopy.c:29 copy_to_user include/linux/uaccess.h:152 [inline] msr_read+0x62/0xe0 arch/x86/kernel/msr.c:62 vfs_read fs/read_write.c:462 [inline] vfs_read+0x8f/0x150 fs/read_write.c:447 ksys_read+0x5a/0xd0 fs/read_write.c:588 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7ff8dfdbaff9 Code: Bad RIP value. RSP: 002b:00007ff8df83c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 00007ff8dff72f80 RCX: 00007ff8dfdbaff9 RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003 RBP: 00007ff8dfe2d296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007ff8dff72f80 R15: 00007ffda54611d8 INFO: task syz.3.105:4232 blocked for more than 145 seconds. Not tainted 5.7.0-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz.3.105 D14328 4232 2102 0x00000004 Call Trace: context_switch kernel/sched/core.c:3430 [inline] __schedule+0x2ca/0x650 kernel/sched/core.c:4156 schedule+0x3b/0xa0 kernel/sched/core.c:4231 schedule_preempt_disabled+0x5/0x10 kernel/sched/core.c:4290 __mutex_lock_common kernel/locking/mutex.c:1033 [inline] __mutex_lock+0x3c4/0x700 kernel/locking/mutex.c:1103 hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 vfs_fallocate+0x13d/0x270 fs/open.c:309 ksys_fallocate+0x37/0x70 fs/open.c:332 __do_sys_fallocate fs/open.c:340 [inline] __se_sys_fallocate fs/open.c:338 [inline] __x64_sys_fallocate+0x15/0x20 fs/open.c:338 do_syscall_64+0x50/0x180 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7ff8dfdbaff9 Code: Bad RIP value. RSP: 002b:00007ff8df81b038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007ff8dff73058 RCX: 00007ff8dfdbaff9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00007ff8dfe2d296 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007ff8dff73058 R15: 00007ffda54611d8 Showing all locks held in the system: 2 locks held by kworker/u4:0/7: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc90000043e78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 2 locks held by kworker/u4:1/21: #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff888236c20938 ((wq_completion)events_unbound){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc900000bfe78 ((work_completion)(&sub_info->work)){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 1 lock held by khungtaskd/217: #0: ffffffff8226cd60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0xfc kernel/locking/lockdep.c:5780 3 locks held by kworker/u4:2/218: #0: ffff8882333dd538 ((wq_completion)netns){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #0: ffff8882333dd538 ((wq_completion)netns){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #1: ffffc900000d7e78 (net_cleanup_work){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline] #1: ffffc900000d7e78 (net_cleanup_work){....}-{0:0}, at: process_one_work+0x1bd/0x460 kernel/workqueue.c:2232 #2: ffffffff8226d5a8 (rcu_state.barrier_mutex){....}-{3:3}, at: rcu_barrier+0x27/0x1d0 kernel/rcu/tree.c:3578 2 locks held by getty/960: #0: ffff8882358f1898 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x50 drivers/tty/tty_ldisc.c:267 #1: ffffc900015a72e8 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0xd4/0x9c0 drivers/tty/n_tty.c:2156 3 locks held by kworker/1:8/1144: 2 locks held by syz.4.98/4175: #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.4.98/4176: #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888225726528 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 1 lock held by syz.4.98/4185: #0: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888225729cd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 4 locks held by syz.0.99/4188: #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 2 locks held by syz.0.99/4189: #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c013e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 1 lock held by syz.0.99/4191: #0: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888225754350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.1.101/4197: #0: ffff888222c88768 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222c88768 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222c50790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222c50790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.1.101/4202: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c505d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c505d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.105/4229: #0: ffff88822429a068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff88822429a068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cbcbd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cbcbd0 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.3.105/4232: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cbca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cbca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.104/4231: #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222d58da8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222d94790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222d94790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.2.104/4233: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d945d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d945d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.111/6507: #0: ffff8882238293e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882238293e8 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cb8350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cb8350 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 3 locks held by syz.0.111/6523: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cb8198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cb8198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.112/6508: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee4198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee4198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.115/6530: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c50a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c50a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 2 locks held by syz.3.116/6536: #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 4 locks held by syz.3.116/6538: #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff8882257e0768 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 3 locks held by syz.4.110/6543: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822575ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822575ac18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz.3.116/6545: #0: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222cbd450 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 4 locks held by syz.0.117/8794: #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1242 [inline] #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x11d/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 #3: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #3: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_ref_private mm/hugetlb.c:4085 [inline] #3: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_cow+0x1ac/0x540 mm/hugetlb.c:4176 3 locks held by syz.0.117/8795: #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_user_addr_fault arch/x86/mm/fault.c:1252 [inline] #0: ffff888222c02068 (&mm->mmap_sem#2){....}-{3:3}, at: do_page_fault+0x4ec/0x59f arch/x86/mm/fault.c:1390 #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_read include/linux/fs.h:543 [inline] #1: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: hugetlb_fault+0x9b/0xaa0 mm/hugetlb.c:4555 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlb_fault+0x1ab/0xaa0 mm/hugetlb.c:4569 1 lock held by syz.0.117/8825: #0: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: i_mmap_lock_write include/linux/fs.h:528 [inline] #0: ffff888222cb8790 (&hugetlbfs_i_mmap_rwsem_key){....}-{3:3}, at: unmap_single_vma+0xaf/0xf0 mm/memory.c:1305 3 locks held by syz.2.126/8854: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee45d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee45d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.127/8850: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222caca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222caca18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.132/8883: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cbdf58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cbdf58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.136/8893: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822575b058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822575b058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.158/11254: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225754a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225754a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.174/11327: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff8882256285d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff8882256285d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.208/11469: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822572b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822572b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.241/11592: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c52398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c52398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.243/11598: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee5f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.248/12613: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cb96d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cb96d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.249/12650: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225628e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225628e58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.261/13172: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225758a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225758a18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.266/13951: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222d97498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222d97498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.268/13960: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c527d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c527d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.287/15145: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cb9f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cb9f58 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.296/15344: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225629b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225629b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.325/16366: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822575b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822575b498 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.364/16578: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c53d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c53d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0698 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.2.368/16595: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222ee7d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222ee7d18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.380/17204: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222cbb058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222cbb058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0068 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.382/17550: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822562a398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822562a398 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.386/18055: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822572bd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822572bd18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.448/19175: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c51b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c51b18 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.3.652/21353: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88822562a7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88822562a7d8 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.0.717/22226: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225757058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225757058 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.4.791/22997: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888225729298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888225729298 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 3 locks held by syz.1.810/23127: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff888222c50198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff888222c50198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0728 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 1 lock held by syz-executor/18669: #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline] #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x2c4/0x360 kernel/rcu/tree_exp.h:838 1 lock held by syz-executor/19170: #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:322 [inline] #0: ffffffff8226d6a0 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0xe6/0x360 kernel/rcu/tree_exp.h:838 3 locks held by syz.2.1999/20799: #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: file_start_write include/linux/fs.h:2917 [inline] #0: ffff8882346c0438 (sb_writers#14){....}-{0:0}, at: vfs_fallocate+0x218/0x270 fs/open.c:308 #1: ffff88821e874198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline] #1: ffff88821e874198 (&sb->s_type->i_mutex_key#15){....}-{3:3}, at: hugetlbfs_fallocate+0xb2/0x530 fs/hugetlbfs/inode.c:655 #2: ffff888234ac0848 (&hugetlb_fault_mutex_table[i]){....}-{3:3}, at: hugetlbfs_fallocate+0x1ca/0x530 fs/hugetlbfs/inode.c:708 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 217 Comm: khungtaskd Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x50/0x70 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.7+0x13/0x50 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x9b/0x9d lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline] watchdog+0x327/0x4b0 kernel/hung_task.c:289 kthread+0x10e/0x130 kernel/kthread.c:268 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:351 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 21284 Comm: modprobe Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__lock_acquire.isra.31+0x12c/0x3e0 kernel/locking/lockdep.c:4318 Code: 24 50 66 41 89 47 20 0f b6 c4 83 e0 7f 44 09 e0 41 88 47 21 41 0f b6 47 22 49 89 57 08 83 e0 fc 09 c1 41 88 4f 22 41 8b 57 20 <81> e2 ff 9f fb ff 89 d0 41 89 57 20 c1 e8 10 83 e0 f3 41 09 c0 45 RSP: 0000:ffffc9000038fce8 EFLAGS: 00000046 RAX: 0000000000000000 RBX: 0000000000000235 RCX: 0000000000000000 RDX: 0000000000000235 RSI: 0000000000000000 RDI: ffff88821e3f3828 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff88821e3f3800 R10: 0000000000000001 R11: ffff88821e3f2f80 R12: 0000000000000000 R13: ffff88821e3f2f80 R14: ffff888237c286c0 R15: ffff88821e3f3850 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f11c7e0d1b0 CR3: 000000021e3ce000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x93/0x130 kernel/locking/lockdep.c:4959 local_lock_acquire include/linux/local_lock_internal.h:39 [inline] lru_cache_add+0xc0/0x250 mm/swap.c:471 wp_page_copy+0x245/0x710 mm/memory.c:2715 do_wp_page+0x94/0x570 mm/memory.c:2982 handle_pte_fault mm/memory.c:4233 [inline] __handle_mm_fault mm/memory.c:4347 [inline] handle_mm_fault+0x79c/0xe60 mm/memory.c:4384 do_user_addr_fault arch/x86/mm/fault.c:1301 [inline] do_page_fault+0x2ad/0x59f arch/x86/mm/fault.c:1390 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203 RIP: 0033:0x7f11c7e182d7 Code: 14 c6 48 83 c2 10 eb 9c 49 8b 04 24 48 85 c0 0f 84 84 00 00 00 41 f6 84 24 1e 03 00 00 20 75 79 49 8b 54 24 60 48 85 d2 74 04 <48> 01 42 08 49 8b 54 24 58 48 85 d2 74 04 48 01 42 08 49 8b 54 24 RSP: 002b:00007ffcb70dd680 EFLAGS: 00010202 RAX: 00007f11c7d4c000 RBX: 0000000000000032 RCX: 0000000000000029 RDX: 00007f11c7e0d1a8 RSI: 00007f11c7e0f100 RDI: 000000006fffffff RBP: 00007ffcb70dd7e0 R08: 000000006ffffdff R09: 000000006ffffeff R10: 000000006fffff41 R11: 000000006ffffe35 R12: 00007f11c7e0f0c0 R13: 00007ffcb70dd868 R14: 0000000070000022 R15: 00000000effffef5